Flexible licensing architecture for licensing digital application

ABSTRACT

An application includes a plurality of features. A transaction is engaged with a retailer to obtain a product license corresponding to the application. The product license defines at least one feature of the application that may be employed. A base copy of the application is obtained from a distributor and is actuated. A use license corresponding to the product license is acquired from a licensor by way of the actuated application sending the product license to the licensor along with an identification of at least one of a user, the computing device, and a trusted component operating on the computing device, where the use license includes feature policy granting rights to employ each feature defined in the product license.

TECHNICAL FIELD

The present invention relates to a computing device and method forproviding a license to operate a digital application on the computingdevice. More particularly, the invention relates to such a computingdevice and method where only one version of the digital application needbe released with multiple available features, and where a particularlicense issued to a particular user specifies which available featuresmay be employed by the user. Thus, the publisher of the application neednot release multiple versions of the same application, and the user inobtaining the license can select which of the multiple availablefeatures are to be licensed.

BACKGROUND OF THE INVENTION

Rights management and enforcement is highly desirable in connection withdigital content such as a digital application or the like, where suchdigital application is to be distributed to one or more users. Typicalmodes of distribution include tangible devices such as a magnetic(floppy) disk, a magnetic tape, an optical (compact) disk (CD), etc.,and intangible media such as an electronic bulletin board, an electronicnetwork, the Internet, etc. Upon being received by the user on acomputing device thereof, such user can activate the application withthe aid of an appropriate operating system on the computing device.

Typically, an author and/or publisher of the application wishes todistribute such application to each of many users or recipients inexchange for a license fee or some other consideration. In suchscenario, then, the application may be a word processing application, aspreadsheet application, a browser application, a gaming application, amedia player application, a combination thereof, and the like. Suchauthor/publisher or other similar entity (hereinafter, “publisher”),given the choice, would likely wish to restrict what each user can dowith such published application. For example, the publisher would liketo restrict the user from copying and re-distributing such applicationto a second user, at least in a manner that denies the publisher alicense fee from such second user.

However, after publication has occurred, such publisher has very littleif any real control over the application. This is especially problematicin view of the fact that practically every personal computer includesthe software and hardware necessary to make an exact digital copy ofsuch application, and to download such exact digital copy to awrite-able magnetic or optical disk, or to send such exact digital copyover a network such as the Internet to any destination.

Of course, as part of a transaction wherein the application isdistributed, the publisher may require the user/recipient of theapplication to promise not to re-distribute such application in anunwelcome manner. However, such a promise is easily made and easilybroken. A publisher may attempt to prevent such re-distribution throughany of several known security devices, usually involving encryption anddecryption. However, there is likely very little that prevents a mildlydetermined user from decrypting an encrypted application, saving suchapplication in an un-encrypted form, and then re-distributing same.

In addition, the publisher may wish to provide the user with theflexibility to purchase different types or editions of the application.For example, the publisher may wish to provide a full-featured editionat a higher price and a rudimentary edition at a lower price. Likewise,the publisher may wish to offer a business edition and a home edition, astudent edition and a teacher edition, or the like. Note, though, thatin the prior art, each such edition of the application would requirethat the publisher distribute a separate set of operating code. Thus,and as should be appreciated, offering multiple editions of the sameapplication requires that a publisher maintain, package, and sell eachsuch edition separately, with considerable expense. Moreover, each suchedition likely is supported separately, updated separately, and debuggedseparately, with even more considerable expense. Also, when errors orbugs in the application are found, each such edition likely must beseparately reviewed and corrected, if in fact the error exists in allsuch editions, once again with considerable expense.

To provide the user with the flexibility to purchase different editionsof an application, a publisher may offer different types of use licensesat different license fees, while at the same time holding the user tothe terms of whatever type of license is in fact purchased. For example,and in the case where the application includes multiple availablefeatures, the publisher may wish to offer a user menus of such availablefeatures/editions to be licensed, or even allow a user to selectparticular ones of the available features to be licensed. Thus, the userin purchasing such a license would be able to employ the availablefeatures of the application that are enabled by the license, and wouldbe restricted from employing the available features of the applicationthat are not enabled by the license. Presumably, fees for licenses wouldvary based on the available features enabled thereby.

Significantly, by offering multiple types of licenses for theapplication or by offering customized licenses for the application, thepublisher can avoid having to distribute multiple distinct editions ofthe application, each tailored to a particular set of availablefeatures. Instead, the publisher need only distribute a single base copyof the application with all available features, and then provide alicense that enables only a certain subset of all such availablefeatures. As may be appreciated, if the single base copy of theapplication is distributed in a form such that the application isinoperable without a valid license, such application may be freelydistributed and re-distributed, yet may only be operated by a user ifsuch user obtains a license from the publisher or an agent thereof.

Rights Management (RM) and enforcement architectures and methods havepreviously been provided to allow the controlled operation of arbitraryforms of digital applications, where such control is flexible anddefinable by the publisher of such application. Typically, a digitallicense is provided to operate the application, where the applicationcannot be actuated in a meaningful manner without such license. Forexample, it may be the case that at least a portion of the applicationis encrypted and the license includes a decryption key for decryptingsuch encrypted portion. In addition, it may be the case that the licenseis tied to a user or a computing device thereof, and such computingdevice includes a security feature that ensures that the terms of thelicense are honored.

However, such RM architectures have not heretofore been employed toeffectuate a licensing architecture where only one copy of a digitalapplication need be released with multiple available features oreditions such that a particular license issued to a particular userspecifies which available features/edition may be employed by the user.Accordingly, a need exists for such a licensing architecture, whereby apublisher of an application need not release multiple editions of thesame application, and a user in obtaining a license can select which ofthe multiple available features/editions are to be licensed.

SUMMARY OF THE INVENTION

The aforementioned needs are satisfied at least in part by the presentinvention in which a computing device and associated method are providedto obtain a use license for using an application on a computing device,where the application includes a plurality of features. In the method atransaction is engaged with a retailer to obtain a product licensecorresponding to the application from such retailer, where the productlicense defines at least one feature of the application that may beemployed based on such product license. In addition, a base copy of theapplication is obtained from a distributor and is actuated. The uselicense corresponds to the product license and is acquired from alicensor by way of the actuated application sending the product licenseto the licensor along with an identification of at least one of a user,the computing device, and a trusted component operating on the computingdevice, where the use license includes feature policy granting rights toemploy each feature defined in the product license.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing summary, as well as the following detailed description ofthe embodiments of the present invention, will be better understood whenread in conjunction with the appended drawings. For the purpose ofillustrating the invention, there are shown in the drawings embodimentswhich are presently preferred. As should be understood, however, theinvention is not limited to the precise arrangements andinstrumentalities shown. In the drawings:

FIG. 1 is a block diagram representing an exemplary non-limitingcomputing environment in which the present invention may be implemented;

FIG. 2 is a block diagram representing an exemplary network environmenthaving a variety of computing devices in which the present invention maybe implemented;

FIG. 3 is a block diagram showing an enforcement architecture of anexample of a trust-based system, including a digital license inaccordance with one embodiment of the present invention;

FIG. 4 is a block diagram showing a licensing architecture for issuing ause license to employ an edition of the application of FIG. 3 inaccordance with one embodiment of the present invention;

FIG. 5 is a flow diagram showing key steps performed during obtainingthe use license of FIGS. 3 and 4 in accordance with one embodiment ofthe present invention;

FIG. 6 is a flow diagram showing key steps performed when obtaining theuse license of FIGS. 3 and 4 to use the application of FIG. 3 inaccordance with one embodiment of the present invention; and

FIG. 7 is a flow diagram showing key steps performed when returning ortransferring the use license of FIGS. 3 and 4 in accordance with oneembodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Computer Environment

FIG. 1 and the following discussion are intended to provide a briefgeneral description of a suitable computing environment in which theinvention may be implemented. It should be understood, however, thathandheld, portable, and other computing devices of all kinds arecontemplated for use in connection with the present invention. While ageneral purpose computer is described below, this is but one example,and the present invention requires only a thin client having networkserver interoperability and interaction. Thus, the present invention maybe implemented in an environment of networked hosted services in whichvery little or minimal client resources are implicated, e.g., anetworked environment in which the client device serves merely as abrowser or interface to the World Wide Web.

Although not required, the invention can be implemented via anapplication programming interface (API), for use by a developer, and/orincluded within the network browsing software which will be described inthe general context of computer-executable instructions, such as programmodules, being executed by one or more computers, such as clientworkstations, servers, or other devices. Generally, program modulesinclude routines, programs, objects, components, data structures and thelike that perform particular tasks or implement particular abstract datatypes. Typically, the functionality of the program modules may becombined or distributed as desired in various embodiments. Moreover,those skilled in the art will appreciate that the invention may bepracticed with other computer system configurations. Other well knowncomputing systems, environments, and/or configurations that may besuitable for use with the invention include, but are not limited to,personal computers (PCs), automated teller machines, server computers,hand-held or laptop devices, multi-processor systems,microprocessor-based systems, programmable consumer electronics, networkPCs, minicomputers, mainframe computers, and the like. The invention mayalso be practiced in distributed computing environments where tasks areperformed by remote processing devices that are linked through acommunications network or other data transmission medium. In adistributed computing environment, program modules may be located inboth local and remote computer storage media including memory storagedevices.

FIG. 1 thus illustrates an example of a suitable computing systemenvironment 100 in which the invention may be implemented, although asmade clear above, the computing system environment 100 is only oneexample of a suitable computing environment and is not intended tosuggest any limitation as to the scope of use or functionality of theinvention. Neither should the computing environment 100 be interpretedas having any dependency or requirement relating to any one orcombination of components illustrated in the exemplary operatingenvironment 100.

With reference to FIG. 1, an exemplary system for implementing theinvention includes a general purpose computing device in the form of acomputer 110. Components of computer 110 may include, but are notlimited to, a processing unit 120, a system memory 130, and a system bus121 that couples various system components including the system memoryto the processing unit 120. The system bus 121 may be any of severaltypes of bus structures including a memory bus or memory controller, aperipheral bus, and a local bus using any of a variety of busarchitectures. By way of example, and not limitation, such architecturesinclude Industry Standard Architecture (ISA) bus, Micro ChannelArchitecture (MCA) bus, Enhanced ISA (EISA) bus, Video ElectronicsStandards Association (VESA) local bus, and Peripheral ComponentInterconnect (PCI) bus (also known as Mezzanine bus).

Computer 110 typically includes a variety of computer readable media.Computer readable media can be any available media that can be accessedby computer 110 and includes both volatile and nonvolatile media,removable and non-removable media. By way of example, and notlimitation, computer readable media may comprise computer storage mediaand communication media. Computer storage media includes both volatileand nonvolatile, removable and non-removable media implemented in anymethod or technology for storage of information such as computerreadable instructions, data structures, program modules or other data.Computer storage media includes, but is not limited to, RAM, ROM,EEPROM, flash memory or other memory technology, CDROM, digitalversatile disks (DVD) or other optical disk storage, magnetic cassettes,magnetic tape, magnetic disk storage or other magnetic storage devices,or any other medium which can be used to store the desired informationand which can be accessed by computer 110. Communication media typicallyembodies computer readable instructions, data structures, programmodules or other data in a modulated data signal such as a carrier waveor other transport mechanism and includes any information deliverymedia. The term “modulated data signal” means a signal that has one ormore of its characteristics set or changed in such a manner as to encodeinformation in the signal. By way of example, and not limitation,communication media includes wired media such as a wired network ordirect-wired connection, and wireless media such as acoustic, RF,infrared, and other wireless media. Combinations of any of the aboveshould also be included within the scope of computer readable media.

The system memory 130 includes computer storage media in the form ofvolatile and/or nonvolatile memory such as read only memory (ROM) 131and random access memory (RAM) 132. A basic input/output system 133(BIOS), containing the basic routines that help to transfer informationbetween elements within computer 110, such as during start-up, istypically stored in ROM 131. RAM 132 typically contains data and/orprogram modules that are immediately accessible to and/or presentlybeing operated on by processing unit 120. By way of example, and notlimitation, FIG. 1 illustrates operating system 134, applicationprograms 135, other program modules 136, and program data 137.

The computer 110 may also include other removable/non-removable,volatile/nonvolatile computer storage media. By way of example only,FIG. 1 illustrates a hard disk drive 141 that reads from or writes tonon-removable, nonvolatile magnetic media, a magnetic disk drive 151that reads from or writes to a removable, nonvolatile magnetic disk 152,and an optical disk drive 155 that reads from or writes to a removable,nonvolatile optical disk 156, such as a CD ROM or other optical media.Other removable/non-removable, volatile/nonvolatile computer storagemedia that can be used in the exemplary operating environment include,but are not limited to, magnetic tape cassettes, flash memory cards,digital versatile disks, digital video tape, solid state RAM, solidstate ROM, and the like. The hard disk drive 141 is typically connectedto the system bus 121 through a non-removable memory interface such asinterface 140, and magnetic disk drive 151 and optical disk drive 155are typically connected to the system bus 121 by a removable memoryinterface, such as interface 150.

The drives and their associated computer storage media discussed aboveand illustrated in FIG. 1 provide storage of computer readableinstructions, data structures, program modules and other data for thecomputer 110. In FIG. 1, for example, hard disk drive 141 is illustratedas storing operating system 144, application programs 145, other programmodules 146, and program data 147. Note that these components can eitherbe the same as or different from operating system 134, applicationprograms 135, other program modules 136, and program data 137. Operatingsystem 144, application programs 145, other program modules 146, andprogram data 147 are given different numbers here to illustrate that, ata minimum, they are different copies. A user may enter commands andinformation into the computer 110 through input devices such as akeyboard 162 and pointing device 161, commonly referred to as a mouse,trackball or touch pad. Other input devices (not shown) may include amicrophone, joystick, game pad, satellite dish, scanner, or the like.These and other input devices are often connected to the processing unit120 through a user input interface 160 that is coupled to the system bus121, but may be connected by other interface and bus structures, such asa parallel port, game port or a universal serial bus (USB).

A monitor 191 or other type of display device is also connected to thesystem bus 121 via an interface, such as a video interface 190. Agraphics interface 182, such as Northbridge, may also be connected tothe system bus 121. Northbridge is a chipset that communicates with theCPU, or host processing unit 120, and assumes responsibility foraccelerated graphics port (AGP) communications. One or more graphicsprocessing units (GPUs) 184 may communicate with graphics interface 182.In this regard, GPUs 184 generally include on-chip memory storage, suchas register storage and GPUs 184 communicate with a video memory 186.GPUs 184, however, are but one example of a coprocessor and thus avariety of co-processing devices may be included in computer 110. Amonitor 191 or other type of display device is also connected to thesystem bus 121 via an interface, such as a video interface 190, whichmay in turn communicate with video memory 186. In addition to monitor191, computers may also include other peripheral output devices such asspeakers 197 and printer 196, which may be connected through an outputperipheral interface 195.

The computer 110 may operate in a networked environment using logicalconnections to one or more remote computers, such as a remote computer180. The remote computer 180 may be a personal computer, a server, arouter, a network PC, a peer device or other common network node, andtypically includes many or all of the elements described above relativeto the computer 110, although only a memory storage device 181 has beenillustrated in FIG. 1. The logical connections depicted in FIG. 1include a local area network (LAN) 171 and a wide area network (WAN)173, but may also include other networks. Such networking environmentsare commonplace in offices, enterprise-wide computer networks, intranetsand the Internet.

When used in a LAN networking environment, the computer 110 is connectedto the LAN 171 through a network interface or adapter 170. When used ina WAN networking environment, the computer 110 typically includes amodem 172 or other means for establishing communications over the WAN173, such as the Internet. The modem 172, which may be internal orexternal, may be connected to the system bus 121 via the user inputinterface 160, or other appropriate mechanism. In a networkedenvironment, program modules depicted relative to the computer 110, orportions thereof, may be stored in the remote memory storage device. Byway of example, and not limitation, FIG. 1 illustrates remoteapplication programs 185 as residing on memory device 181. It will beappreciated that the network connections shown are exemplary and othermeans of establishing a communications link between the computers may beused.

One of ordinary skill in the art can appreciate that a computer 110 orother client device can be deployed as part of a computer network. Inthis regard, the present invention pertains to any computer systemhaving any number of memory or storage units, and any number ofapplications and processes occurring across any number of storage unitsor volumes. The present invention may apply to an environment withserver computers and client computers deployed in a network environment,having remote or local storage. The present invention may also apply toa standalone computing device, having programming languagefunctionality, interpretation and execution capabilities.

Distributed computing facilitates sharing of computer resources andservices by direct exchange between computing devices and systems. Theseresources and services include the exchange of information, cachestorage, and disk storage for files. Distributed computing takesadvantage of network connectivity, allowing clients to leverage theircollective power to benefit the entire enterprise. In this regard, avariety of devices may have applications, objects or resources that mayinteract to implicate authentication techniques of the present inventionfor trusted graphics pipeline(s).

FIG. 2 provides a schematic diagram of an exemplary networked ordistributed computing environment. The distributed computing environmentcomprises computing objects 10 a, 10 b, etc. and computing objects ordevices 110 a, 110 b, 110 c, etc. These objects may comprise programs,methods, data stores, programmable logic, etc. The objects may compriseportions of the same or different devices such as PDAs, televisions, MP3players, televisions, personal computers, etc. Each object cancommunicate with another object by way of the communications network 14.This network may itself comprise other computing objects and computingdevices that provide services to the system of FIG. 2. In accordancewith an aspect of the invention, each object 10 or 110 may contain anapplication that might request the authentication techniques of thepresent invention for trusted graphics pipeline(s).

It can also be appreciated that an object, such as 110 c, may be hostedon another computing device 10 or 110. Thus, although the physicalenvironment depicted may show the connected devices as computers, suchillustration is merely exemplary and the physical environment mayalternatively be depicted or described comprising various digitaldevices such as PDAs, televisions, MP3 players, etc., software objectssuch as interfaces, COM objects and the like.

There are a variety of systems, components, and network configurationsthat support distributed computing environments. For example, computingsystems may be connected together by wireline or wireless systems, bylocal networks or widely distributed networks. Currently, many of thenetworks are coupled to the Internet, which provides the infrastructurefor widely distributed computing and encompasses many differentnetworks.

In home networking environments, there are at least four disparatenetwork transport media that may each support a unique protocol such asPower line, data (both wireless and wired), voice (e.g., telephone) andentertainment media. Most home control devices such as light switchesand appliances may use power line for connectivity. Data Services mayenter the home as broadband (e.g., either DSL or Cable modem) and areaccessible within the home using either wireless (e.g., HomeRF or802.11b) or wired (e.g., Home PNA, Cat 5, even power line) connectivity.Voice traffic may enter the home either as wired (e.g., Cat 3) orwireless (e.g., cell phones) and may be distributed within the homeusing Cat 3 wiring. Entertainment media may enter the home eitherthrough satellite or cable and is typically distributed in the homeusing coaxial cable. IEEE 1394 and DVI are also emerging as digitalinterconnects for clusters of media devices. All of these networkenvironments and others that may emerge as protocol standards may beinterconnected to form an intranet that may be connected to the outsideworld by way of the Internet. In short, a variety of disparate sourcesexist for the storage and transmission of data, and consequently, movingforward, computing devices will require ways of protecting content atall portions of the data processing pipeline.

The ‘Internet’ commonly refers to the collection of networks andgateways that utilize the TCP/IP suite of protocols, which arewell-known in the art of computer networking. TCP/IP is an acronym for“Transport Control Protocol/Interface Program.” The Internet can bedescribed as a system of geographically distributed remote computernetworks interconnected by computers executing networking protocols thatallow users to interact and share information over the networks. Becauseof such wide-spread information sharing, remote networks such as theInternet have thus far generally evolved into an open system for whichdevelopers can design software applications for performing specializedoperations or services, essentially without restriction.

Thus, the network infrastructure enables a host of network topologiessuch as client/server, peer-to-peer, or hybrid architectures. The“client” is a member of a class or group that uses the services ofanother class or group to which it is not related. Thus, in computing, aclient is a process, i.e., roughly a set of instructions or tasks, thatrequests a service provided by another program. The client processutilizes the requested service without having to “know” any workingdetails about the other program or the service itself. In aclient/server architecture, particularly a networked system, a client isusually a computer that accesses shared network resources provided byanother computer e.g., a server. In the example of FIG. 2, computers 110a, 110 b, etc. can be thought of as clients and computer 10 a, 10 b,etc. can be thought of as the server where server 10 a, 10 b, etc.maintains the data that is then replicated in the client computers 110a, 110 b, etc.

A server is typically a remote computer system accessible over a remotenetwork such as the Internet. The client process may be active in afirst computer system, and the server process may be active in a secondcomputer system, communicating with one another over a communicationsmedium, thus providing distributed functionality and allowing multipleclients to take advantage of the information-gathering capabilities ofthe server.

Client and server communicate with one another utilizing thefunctionality provided by a protocol layer. For example,Hypertext-Transfer Protocol (HTTP) is a common protocol that is used inconjunction with the World Wide Web (WWW). Typically, a computer networkaddress such as a Universal Resource Locator (URL) or an InternetProtocol (IP) address is used to identify the server or client computersto each other. The network address can be referred to as a UniversalResource Locator address. For example, communication can be providedover a communications medium. In particular, the client and server maybe coupled to one another via TCP/IP connections for high-capacitycommunication.

Thus, FIG. 2 illustrates an exemplary networked or distributedenvironment, with a server in communication with client computers via anetwork/bus, in which the present invention may be employed. In moredetail, a number of servers 10 a, 10 b, etc., are interconnected via acommunications network/bus 14, which may be a LAN, WAN, intranet, theInternet, etc., with a number of client or remote computing devices 110a, 110 b, 110 c, 110 d, 110 e, etc., such as a portable computer,handheld computer, thin client, networked appliance, or other device,such as a VCR, TV, oven, light, heater and the like in accordance withthe present invention. It is thus contemplated that the presentinvention may apply to any computing device in connection with which itis desirable to process, store or render secure content from a trustedsource.

In a network environment in which the communications network/bus 14 isthe Internet, for example, the servers 10 can be Web servers with whichthe clients 110 a, 110 b, 110 c, 110 d, 110 e, etc. communicate via anyof a number of known protocols such as HTTP. Servers 10 may also serveas clients 110, as may be characteristic of a distributed computingenvironment. Communications may be wired or wireless, where appropriate.Client devices 110 may or may not communicate via communicationsnetwork/bus 14, and may have independent communications associatedtherewith. For example, in the case of a TV or VCR, there may or may notbe a networked aspect to the control thereof. Each client computer 110and server computer 10 may be equipped with various application programmodules or objects 135 and with connections or access to various typesof storage elements or objects, across which files may be stored or towhich portion(s) of files may be downloaded or migrated. Thus, thepresent invention can be utilized in a computer network environmenthaving client computers 110 a, 110 b, etc. that can access and interactwith a computer network/bus 14 and server computers 10 a, 10 b, etc.that may interact with client computers 110 a, 110 b, etc. and otherdevices 111 and databases 20.

Rights Management (RM) Overview

As is known, and referring now to FIG. 3, rights management (RM) andenforcement is highly desirable in connection with a digital application32 that is to be distributed to users. Upon being received by the user,such user instantiates the application 32 with the aid of an appropriatecomputing device 34 or the like.

Typically, an application author or publisher (hereinafter ‘publisher’)44 distributing such digital application 32 wishes to restrict what theuser can do with such distributed application 32. For example, thepublisher 44 may wish to restrict the user from copying andre-distributing such application 32 to a second user, or may wish toallow distributed application 32 to be actuated only a limited number oftimes, only for a certain total time, only on a certain type of machine,only on a certain type of rendering platform, only by a certain type ofuser, etc.

However, after distribution has occurred, such publisher 44 has verylittle if any control over the application 32. An RM system 30, then,allows the controlled actuating of an application 32, where such controlis flexible and definable by the publisher 44 of such application 32.Typically, the application 32 is distributed to the user in the form ofa package 33 by way of any appropriate distribution channel. The package33 as distributed may include the application 32 or a portion thereofencrypted with a symmetric encryption/decryption key (KD), (i.e.,(KD(AP))), as well as other information identifying the application 32,how to acquire a license for such application 32, etc.

The trust-based RM system 30 allows the publisher 44 of the application32 to specify license rules that must be satisfied before suchapplication 32 is allowed to be actuated on a user's computing device34. Such license rules can include the aforementioned temporalrequirement, and may be embodied within a digital license or usedocument (hereinafter ‘license’) 36 that the user/user's computingdevice 34 (such terms being interchangeable unless circumstances requireotherwise) must obtain from the publisher 44 or an agent thereof. Suchlicense 36 also includes the decryption key (KD) for decrypting theencrypted portion of the application 32, perhaps encrypted according toa key decryptable by the user's computing device 34. As seen in FIG. 3,such encrypting key may be a public key of the user's computing device34 (PU-BB), and the user's computing device 34 presumably has thecorresponding private key (PR-BB) by which (PU-BB(KD)) may be decrypted.

The publisher 44 for the application 32 must trust that the user'scomputing device 34 will abide by the rules and requirements specifiedby such publisher 44 in the license 36, i.e. that the application 32will not be actuated unless the rules and requirements within thelicense 36 are satisfied. Preferably, then, the user's computing device34 is provided with a trusted component or mechanism 38 that will notactuate the application 32 except according to the license rulesembodied in the license 36 associated with the application 32 andobtained by the user.

The trusted component 38 typically has a license evaluator 40 thatdetermines whether the license 36 is valid, reviews the license rulesand requirements in such valid license 36, and determines based on thereviewed license rules and requirements whether the requesting user hasthe right to actuate the corresponding application 32 in the mannersought, among other things. As should be understood, the licenseevaluator 40 is trusted in the RM system 30 to carry out the wishes ofthe publisher 44 of the application 32 according to the rules andrequirements in the license 36, and the user should not be able toeasily alter such trusted element for any purpose, nefarious orotherwise.

As should be understood, the rules and requirements in the license 36can specify whether the user has rights to actuate the application 32based on any of several factors, including who the user is, where theuser is located, what type of computing device 34 the user is using,what operating system is calling the RM system 30, the date, the time,etc. In addition, the rules and requirements of the license 36 may limitthe license 36 to a pre-determined number of actuations, orpre-determined operating time, for example. Thus, the trusted component38 may need to refer to a clock 42 on the computing device 34.

The rules and requirements may be specified in the license 36 accordingto any appropriate language and syntax. For example, the language maysimply specify attributes and values that must be satisfied (DATE mustbe later than X, e.g.), or may require the performance of functionsaccording to a specified script (IF DATE greater than X, THEN DO . . . ,e.g.).

Upon the license evaluator 40 determining that the license 36 is validand that the user satisfies the rules and requirements therein, theapplication 32 can then be actuated. In particular, to actuate theapplication 32, the decryption key (KD) is obtained from the license 36and is applied to (KD(AP)) from the package 33 to result in the actualapplication 32, and the actual application 32 is then in fact actuatedin the manner set forth in the license 36.

As set forth above, the license 36 with (PU-BB(KD)) in effect authorizesan entity in possession of (PR-BB) to access (KD) and thereby access theapplication 32 encrypted according to such (KD), presuming of coursethat the entity abides by all conditions as set forth in the license 36.As should be appreciated, though, other types of licenses 36 may existswithin the RM system 30.

For example, it may be appreciated that in one scenario the publisher 44of the application 32 may authorize one or more particular licensors 46to issue a license 36 for the application 32 by providing the licensor46 with a publishing license 36 p. As may be appreciated, suchpublishing license 36 p is similar to the license 36 in that suchpublishing license 36 p likely includes the decryption key (KD) fordecrypting the application 32, here encrypted according to a public keyof the licensor 46 (PU-BB). Likewise, the publishing license 36 p likelyincludes the rules and requirements for rendering the content 32. Here,however, such rules and requirements are to be inserted into the license36 as issued by the licensor 46, and are not especially applicable tosuch licensor 46.

Note, though, that the publishing license 36 p may indeed include otherrules and requirements that are indeed applicable to the licensor 46.Accordingly, the licensor 46 should include a trusted component 38 witha license evaluator 40 in a manner akin to the user's computing device34. Significantly, each type of license 36, 36 p, etc. (hereinafter,‘license 36’) as proffered typically includes a digital signature forauthentication/verification purposes, and each digital signature isvalidated by the trusted component 38 before the license 36 is honored.Of course, if any validation fails, the process ends and the license 36is not honored.

Flexible Licensing Architecture for Licensing Digital Application

As was set forth above, a publisher 44 may wish to provide a user withthe flexibility to purchase different types or editions of anapplication 32. For example, and again, the publisher 44 may wish toprovide a full-featured edition, a rudimentary edition, a businessedition, a home edition, etc. However, according to the prior art, eachsuch edition of the application 32 would be separately issued as a codeset (i.e., computer file or series of such files or the like). As shouldbe evident, supporting, maintaining, marketing, and distributing eachsuch separately issued code set could be greatly complicated, especiallyas compared to performing such chores with regard to a single commonlyissued code set.

Thus, in one embodiment of the present invention, a publisher in factissues a common code set for the application 32, but differentiatesbetween editions of the application 32 by issuing differingcorresponding RM licenses 36. Significantly, the application 32 as setforth within the common code set is defined to have a plurality offeatures or the like, and each license 36 is defined to enable certainones of the defined features and/or disable certain ones of the definedfeatures. Constructing and employing such a license 36 for theapplication 32 within the RM architecture 30 is known or should beapparent to the relevant public and therefore need not be set forthherein in any detail. Accordingly, any such method of constructing andemploying such a license 36 may be used without departing from thespirit of the present invention described herein.

For example, it may be the case that the application 32 has aninstantiation portion that instantiates same on the computing device 34,and that such instantiation portion is encrypted and decryptableaccording to the key (KD) from the license 36. Thus, upon an appropriatecommand from the user or the like, the trusted component 38 retrievessuch key (KD) from the license 36 if such license 36 so allows and thenemploys the retrieved (KD) to decrypt the instantiation portion, and thedecrypted instantiation portion is then employed to instantiate theapplication 32.

Similarly, it may be the case that the application 32 is defined to haveseveral feature portions, each corresponding to a feature, and that eachfeature portion requires as a condition precedent to the use thereofthat the trusted component 38 confirm that the license 36 so allows.Thus, and as should now be appreciated, if an application 36 hasfeatures A, B, and C, a first license 32 corresponding to a firstedition of the application 32 may allow use of feature A only, a secondlicense 32 corresponding to a second edition of the application 32 mayallow use of features B and C only, a third license 32 corresponding toa third edition of the application 32 may allow use of all of featuresA, B, and C, and the like. Note here that editions may be defined by thepublisher 44 by offering only certain types of corresponding licenses36, or may be customized by a user in the course of obtaining aparticular license 36, presuming that the publisher in fact offers sucha customized license 36. In obtaining a particular type of license 36, auser is able to employ the available features of the application 32 thatare enabled by the license 36, and is restricted from employing theavailable features of the application 32 that are not enabled by thelicense 36. Presumably, in the case where a license 36 is obtained as apurchase based on a fee, such fee would vary based on the availablefeatures in the application 32 enabled thereby.

Significantly, although the application 32 may be offered in at leastthe three editions as set forth above if not more, all three editionsmay be based on a single base copy of the application 32 with allavailable features included therein. As should be appreciated, eachfeature is available to a particular user with a particular license 36if the license enables such feature or does not disable such feature.Moreover, the single base copy may be widely distributed andre-distributed without fear of inappropriate use inasmuch as use of theapplication 32 can occur only with a properly-obtained license 36.

Notably, to effectuate issuing such license 36 for an application and inone embodiment of the present invention, a licensing architecture 50such as that shown in FIG. 4 is provided. As seen in such FIG. 4, thelicensing architecture 50 includes the publisher 44 and the licensor 46of FIG. 3, and may also include a retailer 52 that retails theapplication 32 to a user. Of course, the publisher 44 may also be theretailer 52 without departing from the spirit and scope of the presentinvention.

Presumably, such retailer 52 is a retail location that performs a retailtransaction with a user to obtain the application 32 and/or to obtain alicense 36 corresponding thereto. In doing so, the retailer 52 woulddirect the user to a distributor 54 or the like operating a distributionsite or the like to obtain the application 32 itself and/or would directthe user to the licensor 46 for the license 36 itself. Presumably,although not necessarily, the retailer 52, the licensor 46, and thedistributor 54 are all networked together by way of a network such asthe Internet, and the user visits the retailer 52 and obtains theapplication 32 from the distributor 54 and the license 36 from thelicensor 46 (hereinafter, ‘the use license 36’) by way of such network.

In one embodiment of the present invention, and as seen in FIG. 4, theapplication 32 as provided by the publisher 44 includes executable codeby which the application 32 is instantiated and employed. Significantly,such application 32 as provided by the publisher 44 also includes anumber of special licenses 36, including a definition license 36, aninitial license 36, and a non-network license 36, where such speciallicenses 36 are distinct from the use license 36 heretofore referenced.

The definition license 36, again, is not itself a use license 36 thatmay be obtained from a licensor 46 to employ the application 32, butinstead is a special license 36 that defines all of the featuresavailable in the application 32 by way of an appropriate use license 36.Such definition license 36 sets forth all of the features of theapplication 32 as available rights, then, but does not actually grantany of such rights. Instead, an obtained use license 36 in enabling aparticular feature grants a corresponding right.

Thus, to continue the example from above, if an application 32 includedthree defined features A, B, and C, the definition license 36 would setforth each such features A, B, and C together with pertinent informationrelating thereto. Such pertinent features may for example include areference to the feature in the application 32, a description, andperhaps edition information regarding which edition of the application32 includes such feature. Thus, a use license 36 that enables suchfeature may for example employ such information to allow a user toemploy same. Likewise, if a use license 36 does not enable such feature,such information may nevertheless be employed to inform a user of theavailability of such feature, and perhaps even direct the user to alicensor 46 to obtain another use license 36 that would enable suchfeature.

Unlike a definition license 36, an initial license 36, is itself akin toa use license 36 that may be used to employ the application 32. However,such use license 36 is a special license 36 in that such use license 36can only be employed in an initial manner, such as for example to allowa user to try out the application 32 for a defined amount or length oftime, for example. Note here that the use license 36 is not tied to theuser or the computing device 34 thereof.

Such initial license 36 may or may not grant rights to all features ofthe application 32 as set forth within the definition license 36,depending upon how the publisher 44 has constructed such initial license36. Generally, the initial license 36 may be offered to allow aprospective user a period of time to try out the application 32 withoutpurchasing a use license 36, to allow the user to have free access to arudimentary edition of the application 32 without the need to obtain ause license 36, or the like. In the former case, the initial license 36may grant rights to all features, but for a relatively short period oftime, while in the latter case, the initial license may grant rights tosome features, but for a relatively long period of time. Thus, a usermay employ the initial license 36 in a temporary manner until such usereither decides to obtain a use license 36 or to not further employ theapplication, or may employ the initial license 36 to use a rudimentaryform of the application 32, as the case may be.

Like an initial license 36, a non-network license 36 is itself akin to ause license 36 that may be used to employ the application 32. However,such non-network license 36 is a special license 36 in the event that auser does not have network access to the licensor 46 but still wishes touse the application 32. Typically, in such a case, the non-networklicense 36 cannot be employed unless the user obtains a confirmationcode, such as for example by telephone or mail, where such confirmationcode may be obtained in exchange for a fee. Thus, with such confirmationcode, the non-network license 36 enables the application 32 to beemployed as if the user had obtained some sort of use license 36 fromthe licensor 46. Here too, the non-network license 36 is not tied to theuser or the computing device 34 thereof, at least not directly, althoughobtaining the confirmation code does at least indirectly tie thenon-networked license 36 to the user presuming the user identifieditself in the course of obtaining such confirmation code.

As with the initial license 36, the non-networked license 36 may or maynot grant rights to all features of the application 32 as set forthwithin the definition license 36, depending upon how the publisher 44has constructed such non-networked license 36. Note that while thenon-networked license 36 may grant rights to all features of theapplication 32, doing so may be inadvisable inasmuch as the obtainedspecial code could be transferred by the user to others who would thenbe able to access all such features of the application 32.

Typically, the retailer 52 can provide the application 32 with theaforementioned special licenses 36 to the user, either directly or byway of the aforementioned distributor 54. Note, though, that the usermay also obtain such application 32 from the publisher 44 or from anyother source without departing from the spirit and scope of the presentinvention. In fact, and as set forth in more detail below, it may bethat the user obtains the application 32 from an acquaintance or a thirdparty and then obtains a use license 36 by way of the retailer 52.

In any case, and in one embodiment of the present invention, theapplication 32 as distributed to the user may additionally be packagedwith referral information including an identification of a particularretailer 52. Thus, in the situation where the user obtains theapplication 32 from a source other than the retailer 52, such referralinformation refers such user to such retailer 52 to effectuate atransaction to obtain a use license 36 for a particular edition of suchapplication 32. In addition, even after the user obtains the use license36, such referral information may be employed should the user desire togo back to the retailer 52 to return such use license 36 or to obtain adifferent use license 36 for another edition of such application 32.

As was set forth above, a user in possession of the single base copy ofthe application 32 requires a use license 36 of some sort to employ aparticular corresponding edition of the application 32, unless of coursethe user employs the aforementioned initial license 36 or non-networklicense 36. However, and as should be appreciated, such a use license 36contains the decryption key (KD) for accessing the encrypted portion ofthe application 32 and is tied to the user or the computing device 34thereof and thus does not normally travel with the application 32.

In one embodiment of the present invention, then, and remembering thatthe application 32 includes the definition license 36 as was set forthabove, the user in the course of obtaining such a use license 36 firstobtains from the retailer 52 or the like a product license 36 thatspecifies at least some of the features as set forth in the definitionlicense 36. In such embodiment, the product license 36 is not itself ause license 36 that can be used to employ the application 32. Instead,the product license 36 as provided by the retailer 52 or the likedefines which edition of the application 32 that the user has obtained,or else the features as set forth in the definition license 36 that theuser has requested, and thus is a token or authorization that the userpresents to the licensor 46 during the course of a use license requesttransaction to signify to such licensor 46 that such user is entitled toa corresponding use license 36 for a particular edition of theapplication 32.

Put more simply, the user interacts with the retailer 52 to obtain theright to a use license 36 but does not in fact receive the use license36 from such retailer 52. Instead, the user receives the product license36 as a token that is presented to the licensor 46, and the licensor 46in response in fact issues a corresponding use license 36 to the userthat the user may in fact use to employ a corresponding edition of theapplication 32. The use license 36 as issued corresponds to the productlicense 36 in that the rights conferred in the use license 36 correspondto the edition or features set forth in the product license 36.

As may be appreciated, while the product license 36 could be dispensedwith by having the user obtain the use license 36 in the course of adirect transaction with the licensor 46, the licensor 46 may prefer notto handle the retail aspects of such a direct transaction. Moreover, byemploying the product license 36 in the manner set forth herein,multiple retailers 52 may be employed to effectuate retail transactionswith users while still only having one or a few licensors 46, eachlicensor 46 being able to issue a use license 36 in connection with atransaction with any retailer 52. Finally, by separating the issuance ofthe use license 36 by the licensor 46 from the retail transaction withthe retailer 52, the publisher 44 may exert greater control over suchissuance, and also may achieve greater security.

Presumably, the product license 36 as provided by the retailer 52 to theuser includes appropriate information regarding where the user may findthe licensor 46 to issue the use license 36 corresponding to suchproduct license 36. In addition, and in one embodiment of the presentinvention, the product license 36 as provided by the retailer 52 to theuser may be packaged with referral information including anidentification of the distributor 54 from which the application 32 maybe obtained. Thus, in the situation where the user obtains the productlicense 36 prior to the application 32, such referral information referssuch user to such distributor 54 to obtain the base copy of suchapplication 32. In addition, even after the user obtains the application32, such referral information may be employed should the user desire togo back to the distributor 54 for another copy of such base copy of suchapplication 32, or even for a new or updated version of such base copyof such application 32.

To summarize, then, a user may obtain the application 32 before or aftera product license 36 therefor. If before, the referral informationpackaged with the application 32 is employed to locate a particularretailer 52 from which the user can obtain the product license 36. Ifafter, the referral information packaged with the product license 36 isemployed to locate a particular distributor 54 from which the user canobtain the base copy of the application 32.

In one typical scenario, and turning now to FIG. 5, a user purchasing orotherwise obtaining the application 32 and a corresponding use license36 would visit a retailer 52 therefor and engage therewith in atransaction by which the user would select particular features desiredin the application 32 or a particular edition of the application 32(step 501). As part of such transaction, the user may provide a fee tothe retailer 52. Typically, although not necessarily, the retailer 52controls the transaction and determines the presentation of informationand options relating to the application 32 and acceptable forms ofpayment, and upon approval from the user executes the transaction.

Also as part of the transaction, the retailer 52 collects informationfrom the user necessary to construct or obtain an appropriate productlicense 36 corresponding to the user selection and in fact constructs orobtains such product license 36 (step 503). As noted above, such productlicense 36 may be packaged with referral information including aparticular distributor 54 from which the base copy of the application 32may be obtained. At any rate, such product license 36 is conveyed fromthe retailer 52 to the user (step 505). In addition, the retailer 52 maysend a transaction confirmation message to the user confirming thetransaction. If so, the message may include a location at which theproduct license 36 may be obtained if such product license 36 is notautomatically sent to the user.

Upon receiving the product license 36 from the retailer 52, the user mayinstall same (step 507) or may save the product license 36 for laterretrieval and installation. Generally, and as will be set forth below inmore detail, installation includes validating the publishing license 36including a signature thereof and storing same on the computing device34 of the user. Although a use license 36 corresponding to the productlicense 36 may be obtained at this point, it may instead be advisable tofirst ensure that the corresponding application 32 has been installed.Note that if the product license 36 is saved for later retrieval, suchproduct license 36 should be saved in an encrypted form, especially ifthe product license 36 can be taken by another user and employedthereby.

Once the product license 36 has been received, the user's computingdevice 34 determines whether the corresponding application 32 has beeninstalled (step 509). Such check may for example be achieved by checkinga registry on the computing device 34 for an appropriate value. Ifalready installed, the application 32 may then be actuated to completethe process of acquiring the use license 36 (step 511). If notinstalled, the application 32 is acquired from the distributor 54 setforth in the referral information included with the product license 36or is obtained from a storage medium available to the computing device34 and the acquired application 32 is installed on such computing device34 (step 513), and the installed application 32 is then actuated as atstep 511.

Note that at this point there may already be another obtained uselicense 36 on the computing device 34, in which case the use license 36to be obtained is an additional use license 34. At any rate, upon theinstalled application 32 being actuated and based on the presence of theproduct license 36, the computing device 34 acquires a use license 36corresponding thereto (step 515). In particular, the product license 36and perhaps the definition license 36 from the application 32 are sentto the licensor 46 as identified within the product license 36, alongwith an identification of the user and/or the computing device 34thereof and/or the trusted component 38 thereof or the like (step 517).

The licensor 46 validates all licenses 36 and identifications, andassuming such validations succeed the licensor 46 constructs anappropriate use license 36 based thereon (step 519) and returns same tothe requesting user (step 521). Notably, in constructing the use license36, the licensor 46 obtains a cryptographic key from at least one of theidentifications such as a public key (PU) of the user, encrypts theaforementioned decryption key (KD) for the application 32 with such (PU)to result in (PU(KD)), and includes such (PU(KD)) in the constructed andreturned use license 36. Also notably, the identifications may include ahardware ID (HWID) corresponding to the user's computing device 34 andsuch HWID may also be included in the constructed and returned uselicense 36. Further notably, the licensor 46 may note in an appropriatedatabase that the product license 36 has been submitted and that acorresponding use license 36 has been issued, and also may notify theretailer regarding same.

The user's computing device 34 may store the returned use license 36 inan appropriate location such as a license store, and such stored uselicense 36 may then be employed to use certain features of theapplication. In particular, and turning now to FIG. 6, upon a request touse a particular feature of the application 32 (step 601), such featureof the application 32 may in effect request that the trusted component38 determine whether a use license 36 on the computing device 34 permitssuch use of such feature (step 603). In response, the trusted component38 may locate an obtained use license 36 in a license store (step 605),validate same (step 607), and determine whether such validated uselicense 36 permits the use of the feature (step 609).

Presuming that the validated use license 36 does in fact permit the useof the feature, such trusted component 38 then retrieves (PU(KD)) fromsuch use license 36 and applies a corresponding private key (PR) to sameto reveal the decryption key (KD) (step 611), and such decryption key(KD) may then be applied in an appropriate manner to decrypt anappropriate portion of the application 32 (step 613). Thereafter, therequested feature may be used (step 615).

As may be appreciated, at some point the user after having obtained theuse license 36 may decide to return same, for any of a variety ofreasons. Critically, if the user is allowed to return such use license36, such user should not be allow to retain a copy of such use license36. Accordingly, in one embodiment of the present invention, and turningnow to FIG. 7, such return is effectuated by way of a request to theretailer 52 that includes the corresponding product license 36 asprovided thereby (step 701). In response, the retailer 52 returns anexecutable or command to the user's computing device 34 (step 703),where the executable/command in effect deletes the use license 36 fromthe user's computing device in a trusted manner. In particular, thetrusted component 38 on such computing device 34 executes theexecutable/command to delete the use license 36 at issue (step 705), andthen sends a message to the retailer 52 that the deletion was successful(step 707). Thereafter, the retailer 52 informs the licensor 46 that thecorresponding product license 36 is invalid (step 709), and the licensor46 notes same in a database thereof such that any future request for ause license 36 based on such product license 36 is not honored.

As may also be appreciated, and remembering that the use license 36 istied to a particular computing device 34 by way of including a HWID ofsuch computing device 34 in such use license 36, it is to be recognizedthat the user may wish to transfer the use license 36 to anothercomputing device 34 thereof with a different HWID, again for any of avariety of reasons. Similar to before, if the user is allowed totransfer such use license 36 from a first device 34 to a second device34, such user should not be allow to retain a copy of such use license36 as tied to the first device 34. Accordingly, in one embodiment of thepresent invention, and turning again to FIG. 7, such transfer iseffectuated in a manner similar to a return. In particular, suchtransfer is effectuated by way of a request to the licensor 46 thatincludes the corresponding product license 36 as provided by theretailer 52 (step 701). In response, the licensor 46 returns anexecutable or command to the user's computing device 34 (step 703),where the executable/command in effect deletes the use license 36 fromthe user's computing device in a trusted manner. Again, the trustedcomponent 38 on such computing device 34 executes the executable/commandto delete the use license 36 at issue (step 705), and then sends amessage to the licensor 46 that the deletion was successful (step 707).

Significantly, in the context of a transfer, the licensor 46 should beable to issue another use license 36 corresponding to the productlicense 36, in this case to a different computing device 34 of the user.Accordingly, in the context of a transfer, the licensor 46 notes thatthe corresponding product license 36 can again be employed (step 709),and any future request for a use license 36 based on such productlicense 36 is in fact honored.

In one embodiment of the present invention, a publisher 44 may define alicense 36 by way of a license file or the like and then may give thelicense file to a retailer 52 for sale. In addition, the publisher 44may create the base copy of the application 32 and provide same to thedistributor 54. The retailer 52 may then sell the license 36 to a userand deliver same by way of a licensor 46 operating a web page or thelike. The license 36 may be packaged with information that points theuser to the distributor 54 if the user needs to obtain the application32 therefrom. The application 32 may be packaged with information thatpoints the user to the licensor 46 if the user needs to obtain thelicense 36 therefrom. Thus, a user in possession of the application 32can find the licensor 46 to obtain a license 36, and a user inpossession of the license 36 can find the distributor 54 to obtain theapplication 32.

CONCLUSION

The programming necessary to effectuate the processes performed inconnection with the present invention is relatively straight-forward andshould be apparent to the relevant programming public. Accordingly, suchprogramming is not attached hereto. Any particular programming, then,may be employed to effectuate the present invention without departingfrom the spirit and scope thereof.

In the present invention, an RM architecture 30 is employed toeffectuate a licensing architecture 50 where only one copy of a digitalapplication 32 need be released with multiple available features oreditions such that a particular use license 36 issued to a particularuser specifies which available features/edition may be employed by theuser. Thus a publisher 44 of the application 32 need not releasemultiple editions of the same application 32, and a user in obtaining ause license 36 can select which of the multiple availablefeatures/editions are to be licensed.

It should be appreciated that changes could be made to the embodimentsdescribed above without departing from the inventive concepts thereof.It should be understood, therefore, that this invention is not limitedto the particular embodiments disclosed, but it is intended to covermodifications within the spirit and scope of the present invention asdefined by the appended claims.

1. A computer-implemented method of obtaining a use license for using anapplication of a publisher on a computing device, the applicationincluding a plurality of features, the computing device storing the uselicense on a storage device, the method comprising: the computing deviceobtaining a product license from a retailer by engaging in a transactionwith the retailer, the product license corresponding to the applicationof a publisher, the product license defining at least one feature of theapplication that has been requested by a user, a distributor from whichto obtain a base copy of the application, and a licensor from which toobtain a use license; the computing device obtaining a base copy of theapplication from the distributor via a network transaction, wherein thebase copy of the application includes the plurality of features of theapplication and wherein at least a portion of the base copy of theapplication is encrypted with an encryption key of the publisher; thecomputing device installing the application; the computing deviceactuating the application the computing device acquiring a use licensecorresponding to the product license obtained from the retailer by wayof the actuated application sending the product license to the licensorvia a network transaction along with an identification of at least oneof a user, the computing device, a public key of the computing device,and a trusted component operating on the computing device, the uselicense including a decryption key of the publisher for decrypting theportion of the base copy of the application that is encrypted with saidencryption key, the decryption key being encrypted with the public keyof the computing device, and the use license including a set ofpublisher specified rules and requirements that establish the user'sright to actuate the application and use each requested feature asdefined by the product license; the computing device receiving a requestby the user to use a feature of the plurality of features; the computingdevice validating the use license using a license evaluator; based onthe validation, the computing device determining that the validated uselicense permits the use of the requested feature based on the publisherspecified rules and requirements included in the acquired use license;and based on the determination that the use of the requested feature ispermitted, decrypting the decryption key received in the acquired uselicense using a private key of the computing device and decrypting atleast a portion of the base copy of the application including therequested feature using the decryption key.
 2. The method of claim 1comprising the computing device engaging in a transaction with aretailer to obtain a product license defining at least one feature ofthe application as offered by the retailer and representing an availableedition of the application.
 3. The method of claim 1 comprising thecomputing device engaging in a transaction with a retailer to obtain aproduct license defining at least one feature of the application asselected by an obtainer of such product license.
 4. The method of claim1 comprising the computing device engaging in a transaction with aretailer to obtain a product license packaged with referral informationincluding a particular distributor from which the base copy of theapplication is obtained.
 5. The method of claim 1 wherein the computingdevice includes a hardware ID (HWID) corresponding to the computingdevice, the method comprising the computing device acquiring a uselicense including the HWID, whereby the trusted component may retrievesuch HWID and employ same to determine that the license is intended tobe employed on the computing device having such HWID.
 6. The method ofclaim 1 wherein at least a portion of each feature of the application isencrypted and decryptable according to a key (KD), the method comprisingthe computing device acquiring a use license including a cryptographickey from the identification encrypting the key (KD), the method furthercomprising: the computing device receiving a request to use a particularfeature of the application; the computing device locating the acquireduse license; the computing device determining that the feature policy inthe located use license permits the requested use of the particularfeature; the computing device retrieving the encrypted key (KD) from thelocated use license; the computing device decrypting the encrypted key(KD) and employing same to decrypt the at least a portion of theparticular feature of the application; and the computing using theparticular feature of the application.
 7. The method of claim 6 furthercomprising the computing device validating the located use license. 8.The method of claim 1 further comprising after having acquired the uselicense the computing device returning same to reverse the transactionby which the product license was obtained, returning such use licenseincluding: the computing device sending a return request to the retailerincluding the corresponding product license as provided thereby; thecomputing device receiving from the retailer one of an executable and acommand which deletes the use license from the computing device in atrusted manner; and the computing device executing theexecutable/command to delete the use license and send a message to theretailer that the deletion of the use license was successful, wherebythe retailer informs the licensor that the product license is invalidand the licensor notes same in a database thereof such that any futurerequest for a use license based on the product license is not honored.9. The method of claim 1 wherein the acquired use license is tied to thecomputing device, the method further comprising after having acquiredthe use license the computing device returning same to acquire anotheruse license tied to another computing device, returning such use licenseincluding: the computing device sending a transfer request to thelicensor including the corresponding product license as provided by theretailer; the computing device receiving from the licensor one of anexecutable and a command which deletes the use license from thecomputing device in a trusted manner; and the computing device executingthe executable command to delete the use license and send a message tothe licensor that the deletion of the use license was successful,whereby the product license remains valid and the licensor notes thatthe product license can again be employed to obtain the another uselicense tied to the another computing device.
 10. A computing devicethat processes an application in accordance with a use license for usingthe application of a publisher, the use license authorized by apublisher and associated with a corresponding publishing license thatincludes the set of publisher-specified license rules and additionalrules applicable to a licensor regarding issuance of the use license bythe licensor, the application having a plurality of features, thecomputing device storing the use license on a storage device, saidcomputing device comprising: a processor that; and a computer storagestoring executable instructions that when executed by the processorcause the processor to perform the steps of: obtaining a product licensefrom a retailer, the product license corresponding to the application ofa publisher, the product license defining at least one feature of theapplication that has been requested by a user, a distributor from whichto obtain a base copy of the application, and a licensor from which toobtain a use license; obtaining a base copy of the application from thedistributor via a network transaction, wherein the base copy of theapplication includes all of the plurality of features of the applicationand wherein at least a portion of the base copy of the application isencrypted with an encryption key of the publisher; acquiring the uselicense corresponding to the product license obtained from the retailerby way of the actuated application sending the product license to thelicensor via a network transaction along with an identification of atleast one of a user, the computing device, a public key of the computingdevice, and a trusted component operating on the computing device, theuse license including a decryption key of the publisher for decryptingthe portion of the base copy of the application that is encrypted withsaid encryption key, the decryption key being encrypted with the publickey of the computing device, and the use license including a set ofpublisher specified rules and requirements that establish the user'sright to actuate the application and use each requested feature asdefined by the product license; installing the application; receiving arequest by the user to use a feature of the plurality of features; and atrusted component; and computer storage storing executable instructionsthat when executed by the trusted component, cause the trusted componentto perform the steps of: actuating the application; validating the uselicense using a license evaluator; based on the validation, determiningthat the validated use license permits the use of the requested featurebased on the publisher specified rules and requirements included in theacquired use license; and based on the determination that the use of therequested feature is permitted, decrypting the decryption key receivedin the acquired use license using a private key of the computing deviceand decrypting at least a portion of the base copy of the applicationincluding the requested feature using the decryption key.
 11. Thecomputing device of claim 10, wherein the computing device furtherincludes a hardware ID (HWID) identifying the computing device and theuse license includes the HWID, whereby the trusted component mayretrieve the HWID from the computing device and employ same to determinethat the use license is intended to be employed on the computing devicehaving such HWID.
 12. The computing device of claim 10 wherein theproduct license defines at least one feature of the application asoffered by a retailer and represents an available edition of theapplication.
 13. The computing device of claim 10 wherein the productlicense defines at least one feature of the application as selected by apurchaser of such product license.
 14. The computing device of claim 10wherein the product license is packaged with referral informationincluding a particular distributor from which a base copy of theapplication, including all of the plurality of features of theapplication, is obtained.
 15. The computing device of claim 10 whereinat least a portion of each feature of the application is encrypted anddecryptable according to the key (KD), wherein the processor isprogrammed to acquire a use license including a cryptographic key froman identification encrypting the key (KD), the processor programmed toperform the steps of: receiving a request to use a particular feature ofthe application; locating the acquired use license; determining that thefeature policy in the located use license permits the requested use ofthe particular feature; retrieving the encrypted key (KD) from thelocated use license; decrypting the encrypted key (KD) and employingsame to decrypt the at least a portion of the particular feature of theapplication; and using the particular feature of the application. 16.The computing device of claim 15 wherein the processor is furtherprogrammed to validate the located use license.
 17. The computing deviceof claim 12 wherein after having acquired the use license the processoris further programmed to return the use license to reverse thetransaction by which the product license was obtained, the processorreturning such use license by performing the steps of: sending a returnrequest to the retailer including the corresponding product license asprovided thereby; receiving from the retailer an executable or a commandthat deletes the use license from the computing device in a trustedmanner; and executing the executable/command to delete the use licenseand sending a message to the retailer that the deletion of the uselicense was successful, whereby the retailer may inform the licensorthat the product license is invalid and the licensor may note same in adatabase thereof such that any future request for a use license based onthe product license is not honored.
 18. The computing device of claim 12wherein the acquired use license is tied to the computing device andwherein after having acquired the use license the processor is furtherprogrammed to return same to acquire another use license tied to anothercomputing device by performing the steps of: sending a transfer requestto the licensor including the corresponding product license as providedby the retailer; receiving from the licensor an executable or a commandthat deletes the use license from the computing device in a trustedmanner; and executing the executable/command to delete the use licenseand sending a message to the licensor that the deletion of the uselicense was successful, whereby the product license may remain valid andthe licensor may note that the product license can again be employed toobtain the another use license tied to the another computing device. 19.A computer readable storage medium containing computer executableinstructions that when executed by a processor of a computing devicecause the processor to perform the steps of: obtaining a product licensefrom a retailer by engaging in a transaction with the retailer, theproduct license corresponding to the application of a publisher, theproduct license defining at least one feature of the application thathas been requested by a user, a distributor from which to obtain a basecopy of the application, and a licensor from which to obtain a uselicense; obtaining a base copy of the application from the distributorvia a network transaction, wherein the base copy of the applicationincludes the plurality of features of the application and wherein atleast a portion of the base copy of the application is encrypted with anencryption key of the publisher; acquiring the use license correspondingto the product license obtained from the retailer by way of the actuatedapplication sending the product license to the licensor via a networktransaction along with an identification of at least one of a user, thecomputing device, a public key of the computing device, and a trustedcomponent operating on the computing device, the use license including adecryption key of the publisher for decrypting the portion of the basecopy of the application that is encrypted with said encryption key, thedecryption key being encrypted with the public key of the computingdevice, and the use license including a set of publisher specified rulesand requirements that establish the user's right to actuate theapplication and use each requested feature as defined by the productlicense; installing the application; receiving a request by the user touse a feature of the plurality of features; and computer executableinstructions that when executed by a trusted component cause the trustedcomponent to perform the steps of: actuating the application validatingthe use license using a license evaluator; based on the validation,determining that the validated use license permits the use of therequested feature based on the publisher specified rules andrequirements included in the acquired use license; and based on thedetermination that the use of the requested feature is permitted,decrypting the decryption key received in the acquired use license usinga private key of the computing device and decrypting at least a portionof the base copy of the application including the requested featureusing the decryption key.
 20. The medium of claim 19, wherein thecomputing device includes a hardware ID (HWID) identifying the computingdevice and the use license includes the HWID, further includinginstructions for causing the trusted component to retrieve the HWID fromthe computing device and to employ same to determine that the uselicense is intended to be employed on the computing device having suchHWID.
 21. The medium of claim 19 wherein at least a portion of eachfeature of the application is encrypted and decryptable according to thekey (KD), wherein the instructions cause the processor to acquire a uselicense including a cryptographic key from an identification encryptingthe key (KD) by causing the processor to perform the steps of: receivinga request to use a particular feature of the application; locating theacquired use license; determining that the feature policy in the locateduse license permits the requested use of the particular feature;retrieving the encrypted key (KD) from the located use license;decrypting the encrypted key (KD) and employing same to decrypt the atleast a portion of the particular feature of the application; and usingthe particular feature of the application.
 22. The medium of claim 21wherein the instructions further cause the processor to validate thelocated use license.
 23. The medium of claim 19 wherein after havingacquired the use license the instructions further cause the processor toreturn the use license to reverse the transaction by which the productlicense was obtained, the processor returning such use license byperforming the steps of: sending a return request to the retailerincluding the corresponding product license as provided thereby;receiving from the retailer an executable or a command that deletes theuse license from the computing device in a trusted manner; and executingthe executable/command to delete the use license and sending a messageto the retailer that the deletion of the use license was successful,whereby the retailer may inform the licensor that the product license isinvalid and the licensor may note same in a database thereof such thatany future request for a use license based on the product license is nothonored.
 24. The medium of claim 19 wherein the acquired use license istied to the computing device and wherein after having acquired the uselicense the instructions further cause the processor to return same toacquire another use license tied to another computing device byperforming the steps of: sending a transfer request to the licensorincluding the corresponding product license as provided by the retailer;receiving from the licensor an executable or a command that deletes theuse license from the computing device in a trusted manner; and executingthe executable/command to delete the use license and sending a messageto the licensor that the deletion of the use license was successful,whereby the product license may remain valid and the licensor may notethat the product license can again be employed to obtain the another uselicense tied to the another computing device.